On occasion, users may wish to completely reset an SSD's cells to the same virgin state they were manufactured, thus restoring it to its [http://www.anandtech.com/storage/showdoc.aspx?i=3531&p=8 factory default write performance]. Write performance is known to degrade over time even on SSDs with native TRIM support. TRIM only safeguards against file deletes, not replacements such as an incremental save.

−

== Introduction ==

+

{{Warning|Back up ALL data of importance prior to continuing! Using this procedure will destroy ALL data on the SSD and render it unrecoverable by even data recovery services! Users will have to repartition the device and restore the data after completing this procedure!}}

−

On occasion, users may wish to completely reset an SSD's cells to the same virgin state they were manufactured, thus restoring it to its [http://www.anandtech.com/storage/showdoc.aspx?i=3531&p=8 factory default write performance]. Write performance is known to degrade over time even on SSDs with native TRIM support. TRIM only safeguards against file deletes, not replacements such as an incremental save.

+

{{Warning|Do '''not''' proceed with this if your drive isn't connected directly to a SATA interface. Issuing the Secure Erase command on a drive connected via USB or a SAS/RAID card could potentially brick the drive!}}

−

{{Warning|Back up ALL data of importance prior to continuing! Using this procedure will destroy ALL data on the SSD and render it unrecoverable by even data recovery services! Users will have to repartition the device and restore the data after completing this procedure!}}

−

== Quick N' Dirty ==

+

== tl; dr ==

+

{{Warning|It is recommended that you read the rest of the article BEFORE you try this! This section literally shows the minimum to wipe out an entire SSD for those not wanting to scroll though the text.}}

+

hdparm --user-master u --security-set-pass PasSWorD /dev/sdX

+

hdparm --user-master u --security-erase PasSWorD /dev/sdX

−

{{Warning|It is recommended that you read the rest of the article BEFORE you try this!}}

−

−

dcfldd if=/dev/zero of=/dev/sdX bs=4k

−

hdparm --user-master u --security-set-pass Eins /dev/sdX

−

hdparm --user-master u --security-erase Eins /dev/sdX

−

−

== Step 0 ==

−

{{warning|Triple check that the correct drive designation is used in the dcfldd step as there is no turning back once the ENTER key has been pressed! You have been warned.}}

−

−

Optionally write zeros to every block on the SSD using either dd or dcfldd:

−

dcfldd if=/dev/zero of=/dev/sdX bs=4k

−

−

Depending on the size and speed of the SSD, this step may take some time. A very nice feature of dcfldd is the level of verbosity it uses by default. It will report the current amount of data written to the device. Users can approximate how long the process will take based on this output.

== Step 1 - Make sure the drive security is not frozen ==

== Step 1 - Make sure the drive security is not frozen ==

Line 32:

Line 22:

# hdparm -I /dev/sdX

# hdparm -I /dev/sdX

−

If the command output shows "frozen" one cannot continue to the next step. Most BIOSes block the ATA Secure Erase command by issuing a "SECURITY FREEZE" command to "freeze" the drive before booting an operating system.

+

If the command output shows "frozen" one cannot continue to the next step. Some BIOSes block the ATA Secure Erase command by issuing a "SECURITY FREEZE" command to "freeze" the drive before booting an operating system.

−

A possible solution for SATA drives is hot-(re)plug the data cable (which might crash the kernel). If hot-(re)plugging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.

+

A possible solution is to simply suspend the system. Upon waking up, it is likely that the freeze will be lifts. If unsuccessful, one can try hot-(re)plug the data cable (which might crash the kernel). If hot-(re)plugging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.

−

* It has been reported that hooking up the drive to an eSATA SIIG ExpressCard/54 with an eSATA enclosure will leave the drive security state to "not frozen".

+

== Step 2 - Enable security by setting a user password ==

−

* Placing the target system into "sleep" (Clevo M865TU notebook, Fujitsu T2010 notebook, Dell XPS M1330) and waking it up again has been reported to work as well; this may reset drives to "not frozen". In case you are booting from USB, you need a distribution, that runs entirely in RAM, like [http://grml.org], see the grml2ram option. Run ''echo -n mem > /sys/power/state'' to set the computer to sleep.

+

{{Note|When the user password is set the drive will be locked after next power cycle denying normal access until unlocked with the correct password.}}

−

* Hooking up the drive to a USB 2/3 port does '''NOT''' work, as you need to issue IDE commands, which is only possible via IDE/SATA connection.

−

* Make sure drive security is '''disabled''' in BIOS, so no password is set:

{{warning|Triple check that the correct drive designation is used. '''THERE IS NO TURNING BACK ONCE THE ENTER KEY HAS BEEN PRESSED!''' You have been warned.}}

+

+

# hdparm --user-master u --security-erase PasSWorD /dev/sdX

−

Wait until the command completes. This example output shows it took about 40 seconds for an Intel X25-M 80GB SSD, for a 1TB hard disk it might take 3 hours or more!

+

Wait until the command completes. This example output shows it took about 40 seconds for an Intel X25-M 80GB SSD.

−

security_password="Eins"

+

security_password="PasSWorD"

/dev/sdX:

/dev/sdX:

−

Issuing SECURITY_ERASE command, password="Eins", user=user

+

Issuing SECURITY_ERASE command, password="PasSWorD", user=user

0.000u 0.000s 0:39.71 0.0% 0+0k 0+0io 0pf+0w

0.000u 0.000s 0:39.71 0.0% 0+0k 0+0io 0pf+0w

−

The drive is now erased. After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command:

+

The drive is now erased. After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command:

Warning: Back up ALL data of importance prior to continuing! Using this procedure will destroy ALL data on the SSD and render it unrecoverable by even data recovery services! Users will have to repartition the device and restore the data after completing this procedure!

Warning: Do not proceed with this if your drive isn't connected directly to a SATA interface. Issuing the Secure Erase command on a drive connected via USB or a SAS/RAID card could potentially brick the drive!

Contents

tl; dr

Warning: It is recommended that you read the rest of the article BEFORE you try this! This section literally shows the minimum to wipe out an entire SSD for those not wanting to scroll though the text.

Step 1 - Make sure the drive security is not frozen

Issue the following command:

# hdparm -I /dev/sdX

If the command output shows "frozen" one cannot continue to the next step. Some BIOSes block the ATA Secure Erase command by issuing a "SECURITY FREEZE" command to "freeze" the drive before booting an operating system.

A possible solution is to simply suspend the system. Upon waking up, it is likely that the freeze will be lifts. If unsuccessful, one can try hot-(re)plug the data cable (which might crash the kernel). If hot-(re)plugging the SATA data cable crashes the kernel try letting the operating system fully boot up, then quickly hot-(re)plug both the SATA power and data cables.

Step 2 - Enable security by setting a user password

Note: When the user password is set the drive will be locked after next power cycle denying normal access until unlocked with the correct password.

Any password will do, as this should only be temporary. After the secure erase the password will be set back to NULL. In this example, the password is "PasSWorD" as shown:

The drive is now erased. After a successful erasure the drive security should automatically be set to disabled (thus no longer requiring a password for access). Verify this by running the following command: